Remix.run Logo
Show HN: Osint tool that finds exposed files on domains(search.cerast-intelligence.com)
18 points by PatchRequest 3 hours ago | 4 comments

hey guys, wanted to show one of my side projects i just made public.

the idea is basically another osint tool for pentesters and bug bounty hunters. it watches certificate transparency logs and checks newly-seen domains for exposed stuff like .env files, open .git dirs, config files, db dumps and so on, and puts whatever it finds into a searchable db. you just search a domain (or part of one) and see what's exposed.

it's read-only and free. one thing i've been thinking about adding is a way to register for certain keywords and get notified when something new shows up for that search.

would love to hear if you have other ideas for useful features, and also ideas for how to reduce abuse of the data, since that's the part i'm least sure about.

https://search.cerast-intelligence.com/

sandeepkd 39 minutes ago | parent | next [-]

Its interesting and not interesting at the same time based on some of the search results

Almost all of them seem like home projects being deployed with ease in mind than security. The common thread seems to be the fact that most of them are phishing website, not sure if thats a business model to target here?

cvadict 40 minutes ago | parent | prev [-]

searching for .gov reveals 0 matches... doubt

sandeepkd 36 minutes ago | parent [-]

My guess is that they ran selective search on the domains which get registered with any registrar, thats the trigger to start the search. .gov domains are not managed by your typical registrar which is selling the domain registration information to all these downstream partners/scavengers (for lack of better word)

jadamson 23 minutes ago | parent [-]

The OP says it's using CT logs, not new domain registrations. The approach you have in mind would not include subdomains and would be less likely to coincide with a new server being configured.